authzed/spicedb v1.12.0

on GitHub

Highlights

• new lookupsubjects RPC answers the question "which subjects have a given permission over a specific resource?"
• CRDB Store now exposes prometheus metrics for the connection pool
• new debug containers now being published, which includes busybox. This is convenient for development environments that require a shell
• PGX driver no longer logs on debug by default, cleaning up SpiceDB's info level
• CRDB datastore now properly supports connection draining procedures
• added configurable limits for write and delete relationship APIs
• leaner and more secure docker images based on distroless.dev

What's Changed

• hack: mv install-tools into hack dir by @jzelinskie in #737
• fix panic on cached optimized revisions by @vroldanbet in #740
• README: add OpenSSF best practices badge by @jzelinskie in #742
• bump crdb in tests to 22.1.5 by @ecordell in #745
• update spanner emulator logs by @ecordell in #746
• more resilient CRDB datastore on connection draining by @vroldanbet in #744
• Use distroless.dev/static base, add debug variants by @imjasonh in #750
• adds trivy security scanner to lint CI job by @vroldanbet in #751
• Begin work on LookupSubjects by @josephschorr in #736
• Add a nightly build for spicedb by @ecordell in #762
• Revert "Add a nightly build for spicedb" by @ecordell in #763
• fixes link to go-memdb by @vroldanbet in #766
• Fix various error references by @josephschorr in #769
• removes v1.RelationshipUpdate from datastore.ReadWriteTransaction by @vroldanbet in #771
• Fully implement the LookupSubjects API by @josephschorr in #770
• add datastore metrics to CockroachDB datastore by @vroldanbet in #774
• Begin implementation of a library for processing caveat expressions by @josephschorr in #760
• newly added lookup subject metrics weren't being unregistered by @vroldanbet in #778
• Add configurable limits for write and delete relationship APIs by @josephschorr in #775
• Dependabot Updates for Sept 1 by @josephschorr in #785
• Dependabot Updates for Sept 1, part 2 by @josephschorr in #792
• Dependabot updates for Sept 1, part 3 by @josephschorr in #795
• Handle duplicate writes in a nicer way by @josephschorr in #796
• remove dupe validation in WriteRelationships by @vroldanbet in #799
• map pgx info logging level to debug by @vroldanbet in #798
• Change v1alpha1 WriteSchema to only read namespaces it needs by @josephschorr in #805
• Update authzed-go client by @samkim in #806
• Improve write constraint failures by @josephschorr in #801
• reduce differences between release and dev dockerfiles by @vroldanbet in #797
• Remove checks on configurable PermissionService limits and rely upon defaults by @josephschorr in #808

Docker Images

This release is available at:

• authzed/spicedb:v1.12.0
• quay.io/authzed/spicedb:v1.12.0
• ghcr.io/authzed/spicedb:v1.12.0
• authzed/spicedb:v1.12.0-debug
• quay.io/authzed/spicedb:v1.12.0-debug
• ghcr.io/authzed/spicedb:v1.12.0-debug

New Contributors

• @imjasonh made their first contribution in #750

Full Changelog: v1.11.0...v1.12.0